Zero-Days Hit 90 in 2025 While Critical Flaws in Hikvision and Rockwell Get CISA's Attention
We’re barely into March, and the security news is already painting a concerning picture of what 2025 looked like for our industry. Google’s Threat Intelligence Group just dropped some sobering numbers, and CISA’s adding more critical vulnerabilities to their Known Exploited Vulnerabilities catalog. Let me walk you through what caught my attention this week.
The Zero-Day Reality Check
Here’s the number that made me pause: Google tracked 90 zero-day vulnerabilities that were actively exploited throughout 2025. That’s not just discovered – that’s actively exploited in the wild. What’s particularly interesting is that almost half of these zero-days targeted enterprise software and appliances.
This tells us something we’ve been suspecting for a while: attackers are getting better at finding and weaponizing vulnerabilities in the enterprise tools we rely on daily. It’s not just consumer browsers and operating systems anymore – they’re going after the infrastructure that keeps businesses running.
The shift toward enterprise targets makes sense from an attacker’s perspective. Hit a consumer device, you get one person’s data. Hit an enterprise appliance or software platform, and you potentially get access to an entire organization’s network.
CISA Sounds the Alarm on Critical Infrastructure
Speaking of enterprise targets, CISA just added two nasty vulnerabilities to their KEV catalog, and both are scoring a perfect 9.8 on the CVSS scale. The agency flagged flaws in Hikvision and Rockwell Automation products, citing evidence of active exploitation.
The Hikvision vulnerability (CVE-2017-7921) is particularly concerning because it’s an improper authentication flaw. Yes, you read that date right – this is from 2017, and it’s still being exploited. That should give us all pause about our patch management processes, especially for security cameras and surveillance systems that often get deployed and forgotten.
When CISA adds something to the KEV catalog, they’re essentially saying “this is being used against us right now.” For federal agencies, this means they have a binding operational directive to patch within a specific timeframe. For the rest of us, it should be treated with the same urgency.
Latin America Under Siege
Here’s a trend that’s been flying under the radar: Latin America is now facing twice as many cyberattacks as the United States. The report attributes this to struggles with cybersecurity maturity across much of Central and South America.
This isn’t just a regional problem – it’s a global supply chain issue. Many organizations have operations, partners, or vendors in Latin America. When cybersecurity maturity lags in one region, it creates entry points that can affect organizations worldwide.
What’s particularly troubling is that this appears to be opportunistic targeting. Attackers are going where the defenses are weakest, which means organizations operating in or with these regions need to be extra vigilant about their security posture and that of their partners.
Cisco’s Massive Patch Tuesday
Meanwhile, Cisco had quite the week, releasing patches for 48 vulnerabilities across their enterprise networking products. Two of these, affecting the Secure Firewall Management Center, earned the maximum severity rating.
Forty-eight vulnerabilities in a single batch might sound alarming, but honestly, I’d rather see this than vendors sitting on known issues. What concerns me more is ensuring organizations have the processes in place to evaluate and deploy these patches quickly, especially for the maximum-severity flaws.
The Secure Firewall Management Center vulnerabilities are particularly critical because these systems often have elevated network access and visibility. A compromise here could give an attacker significant insight into network topology and security controls.
Investment in Remediation Tools
On a more positive note, we’re seeing continued investment in security tooling. Reclaim Security just raised $20 million to accelerate their remediation platform. While I can’t speak to their specific solution, the fact that investors are putting serious money into remediation tools tells us the market recognizes we have a problem with the speed of security fixes.
Given the volume of vulnerabilities we’re seeing – 90 zero-days, 48 Cisco patches in one go, ongoing exploitation of years-old flaws – having better tools to prioritize and accelerate remediation isn’t just nice to have anymore. It’s becoming essential.
What This Means for Our Programs
Looking at these stories together, I see a few clear implications for our security programs. First, we need to get serious about asset inventory and patch management, especially for enterprise appliances that might not be getting the same attention as our servers and workstations.
Second, if you have any presence in Latin America – whether that’s offices, partners, or vendors – now’s the time to review those relationships and ensure security standards are being met.
Finally, the sheer volume of vulnerabilities being actively exploited suggests we need to get better at threat-based prioritization. We can’t patch everything immediately, but we can make sure we’re focusing on the things that pose the greatest risk to our specific environments.
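As an added illustration of the KEV-driven prioritization this post calls for (the binding deadlines mentioned under CISA's KEV catalog and the threat-based prioritization above), and not code from the post or any of its sources, the script below indexes a constructed excerpt shaped like CISA's public KEV JSON feed and ranks a constructed asset inventory by KEV due date, with ransomware-linked entries breaking ties. The field names follow the public feed as I know it; the dates, the Rockwell entry's CVE ID, the host names and the scanner findings are assumptions.

```python
import json
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON feed. Field names match the
# public feed; dates are made up, and the Rockwell CVE ID is a placeholder because
# the post does not give it. CVE-2017-7921 is the Hikvision flaw the post discusses.
KEV_FEED = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-2017-7921", "vendorProject": "Hikvision",
         "product": "Hikvision Cameras", "dateAdded": "2026-03-02",
         "dueDate": "2026-03-23", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-PLACEHOLDER-ROCKWELL", "vendorProject": "Rockwell Automation",
         "product": "placeholder product", "dateAdded": "2026-03-02",
         "dueDate": "2026-03-23", "knownRansomwareCampaignUse": "Known"},
    ]
})

# Constructed asset inventory: each asset lists the CVEs a scanner reported on it.
INVENTORY = [
    {"host": "cam-lobby-01", "vendor": "Hikvision", "cves": ["CVE-2017-7921"]},
    {"host": "plc-line-3", "vendor": "Rockwell Automation",
     "cves": ["CVE-PLACEHOLDER-ROCKWELL"]},
    {"host": "web-01", "vendor": "Example", "cves": ["CVE-2099-0001"]},  # constructed, not in KEV
]


def load_kev(feed_json):
    """Index KEV entries by CVE ID so inventory lookups are O(1)."""
    return {v["cveID"]: v for v in json.loads(feed_json)["vulnerabilities"]}


def prioritize(inventory, kev, today_iso):
    """Return one record per (host, CVE) pair that appears in KEV, most urgent first.
    CVEs absent from KEV are left to the normal patch cycle and not returned."""
    today = date.fromisoformat(today_iso)
    hits = []
    for asset in inventory:
        for cve in asset["cves"]:
            entry = kev.get(cve)
            if entry is None:
                continue
            due = date.fromisoformat(entry["dueDate"])
            hits.append({"host": asset["host"], "cve": cve, "due": entry["dueDate"],
                         "days_left": (due - today).days,
                         "ransomware": entry["knownRansomwareCampaignUse"] == "Known"})
    # Overdue (negative days_left) first, then nearest due date; ransomware-linked ties win.
    hits.sort(key=lambda h: (h["days_left"], not h["ransomware"]))
    return hits


if __name__ == "__main__":
    for hit in prioritize(INVENTORY, load_kev(KEV_FEED), "2026-03-10"):
        print(hit)
```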
Sources
- Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog
- Google says 90 zero-days were exploited in attacks last year
- LatAm Now Faces 2x More Cyberattacks Than US
- Reclaim Security Raises $20 Million to Accelerate Remediation
- Cisco Issues Patches for 48 Vulnerabilities in Enterprise Networking Products